From 3ba95f8bd984a0033c0b2da9974f67f537dedc9e Mon Sep 17 00:00:00 2001
From: Michael Foord <michael@voidspace.org.uk>
Date: Thu, 22 Dec 2011 01:13:37 +0000
Subject: Metaclasses with metaclasses with a __dict__ descriptor can no longer
 trigger code execution with inspect.getattr_static. Closes issue 11829.

---
 Lib/inspect.py           |  9 +++++----
 Lib/test/test_inspect.py | 17 +++++++++++++++++
 Misc/NEWS                |  3 +++
 3 files changed, 25 insertions(+), 4 deletions(-)

diff --git a/Lib/inspect.py b/Lib/inspect.py
index ffbe66f..2031755 100644
--- a/Lib/inspect.py
+++ b/Lib/inspect.py
@@ -1161,10 +1161,11 @@ def getattr_static(obj, attr, default=_sentinel):
     if obj is klass:
         # for types we check the metaclass too
         for entry in _static_getmro(type(klass)):
-            try:
-                return entry.__dict__[attr]
-            except KeyError:
-                pass
+            if _shadowed_dict(type(entry)) is _sentinel:
+                try:
+                    return entry.__dict__[attr]
+                except KeyError:
+                    pass
     if default is not _sentinel:
         return default
     raise AttributeError(attr)
diff --git a/Lib/test/test_inspect.py b/Lib/test/test_inspect.py
index 56f9929..fad4d5a 100644
--- a/Lib/test/test_inspect.py
+++ b/Lib/test/test_inspect.py
@@ -1088,6 +1088,23 @@ class TestGetattrStatic(unittest.TestCase):
         self.assertIsNot(inspect.getattr_static(sys, "version", sentinel),
                          sentinel)
 
+    def test_metaclass_with_metaclass_with_dict_as_property(self):
+        class MetaMeta(type):
+            @property
+            def __dict__(self):
+                self.executed = True
+                return dict(spam=42)
+
+        class Meta(type, metaclass=MetaMeta):
+            executed = False
+
+        class Thing(metaclass=Meta):
+            pass
+
+        with self.assertRaises(AttributeError):
+            inspect.getattr_static(Thing, "spam")
+        self.assertFalse(Thing.executed)
+
 class TestGetGeneratorState(unittest.TestCase):
 
     def setUp(self):
diff --git a/Misc/NEWS b/Misc/NEWS
index 1ad91c0..9168a55 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -97,6 +97,9 @@ Core and Builtins
 Library
 -------
 
+- Issue #11829: Fix code execution holes in inspect.getattr_static for
+  metaclasses with metaclasses. Patch by Andreas Stührk.
+
 - Issue #1785: Fix inspect and pydoc with misbehaving descriptors.
 
 - Issue #11813: Fix inspect.getattr_static for modules. Patch by Andreas
-- 
cgit v0.12